Be free…. be yourself with Linux.

Archive for October, 2007

NTFS is Windows NT File System format. It has more performance, reliability, and compatibility not found in the FAT file system. For default, Ubuntu doesn’t support NTFS format.

How can I write on NTFS format disks?

If you are using Ubuntu Feisty (7.04), you can’t read or write on NTFS format. You have to download the additional package for this function. These installation packages are ‘ntfs-3g‘ and ‘ntfs-config‘.

After the installation process is done, a setting menu will occur. You can choose to enable the ‘write’ function.

You can change the configuration from ‘ntfs-config’ screen.

Open menu ‘Application > System Tools > NTFS Configuration Tool‘.

After ‘ntfs-config’ screen is displayed, select partition that you want to configure and click on ‘Apply‘.

Then when NTFS write support configuration tool displayed, choose both ‘Enable write support for internal device‘ and ‘Disable write support for external device‘.

ATENTION:

Enable write support for internal device

You will be able to write data on NTFS format disk (internal hard disk and shared data in windows network).

Disable write support for external device

If you enable it, sometimes your USB External Hard disk will not be recognized by Ubuntu. Actually, this is the problem that I got in the moment (I use external HD Maxtor One Touch 100GB). When I wrote this article, I haven’t do googling yet to find the solution. So, please write comments if you find the solution earlier than me.

Samba can act as Domain Controller. It will centralize the Authorization and Authentication services.

taufanlubis@zyrex:~$ sudo gedit /etc/samba/smb.conf

[global]

workgroup = UbuntuWorkgroup

netbios name = UbuntuZyrex

server string = UbuntuZyrexServer

hosts allow = 192.168.0.0/24 127.

hosts deny = ALL

log file = /var/log/samba/log.%m

dns proxy = no

max log size = 1000

syslog = 0

obey pam restrictions = yes

domain logons = yes

domain master = auto

wins support = no

logon path = \\%N\%U\profile

logon home = \\%N\%U

logon script = logon.cmd

socket options = TCP_NODELAY

[sharing_data]

path = /home/sharing_data/

comment = Taufan Sharing Folder at Ubuntu

public = yes

encrypt passwords = no

security = share

read only = yes

browseable = yes

directory mask = 0700

create mask = 0600

[Amanda]

path = /home/amanda/

comment = Angela Folder at Ubuntu

public = no

read only = no

encrypt passwords = yes

browseable = yes

security = user

valid users = amanda, alice, mark, taufanlubis, nadine

force user = amanda

force group = amanda

[netlogon]

comment = Network Logon Service

path = /home/samba/netlogon

guest ok = yes

writable = no

share modes = no

[profiles]

comment = Users profiles

path = /home/samba/profiles

guest ok = no

browseable = no

create mask = 0600

directory mask = 0700

[printers]

comment = All Printers

load printers = yes

printing = cups

printcap name = cups

browseable = no

path = /var/spool/samba

printable = yes

public = no

writable = no

create mode = 0700

[print$]

comment = Printer Drivers

path = /var/lib/samba/printers

browseable = yes

read only = yes

guest ok = no

[cdrom]

comment = Samba server’s CD-ROM

writable = no

locking = no

path = /cdrom

public = yes

#printer

load printers = yes

printing = cups

printcap name = cups

taufanlubis@zyrex:~$

If you have clients that still use Windows, you have to set the ‘encrypt passwords = no’ because Windows only can access the plain password from Samba Server. That’s why, I put the encrypt password into different share-directories.

If it’s accessed by Linux the I set encrypt passwords = yes and it’s accessed by Windows Clients then I set encrypt passwords = no.

Now, let’s check our configuration.

taufanlubis@zyrex:~$ sudo smbclient -L 192.168.0.2

Password:

session setup failed: NT_STATUS_LOGON_FAILURE

taufanlubis@zyrex:~$

When you use smbclient, just don’t put ‘sudo’, it will create an error like above. Now, I repeat the command without ‘sudo‘. This command is used to check sharing directories in Samba Servers.

taufanlubis@zyrex:~$ smbclient -L 192.168.0.2

Password:

Domain=[UBUNTUWORKGROUP] OS=[Unix] Server=[Samba 3.0.26a]

Sharename Type Comment

——— —- ——-

sharing_data Disk Taufan Sharing Folder at Ubuntu

Amanda Disk Angela Folder at Ubuntu

netlogon Disk Network Logon Service

print$ Disk Printer Drivers

cdrom Disk Samba server’s CD-ROM

IPC$ IPC IPC Service (UbuntuZyrexServer)

PDF Printer PDF

LX-1050 Printer LX-1050

Laserjet1320 Printer Laserjet1320

Domain=[UBUNTUWORKGROUP] OS=[Unix] Server=[Samba 3.0.26a]

Server Comment

——— ——-

UBUNTUZYREX UbuntuZyrexServer

Workgroup Master

——— ——-

UBUNTUWORKGROUP UBUNTUZYREX

taufanlubis@zyrex:~$

What is smbclient?

Smbclient is almost the like ftp program. It’s used to access SMB resources on the servers.

Connect to your directory using smbclient

After you are connected, you can browse, add, delete files or directories. Of course, it will be depended on your access level. You can use common Linux command line, such as cp, mv, mkdir, rm, rmdir, ls etc..

taufanlubis@zyrex:~$ smbclient -U amanda //192.168.0.2/amanda

Password:

Domain=[UBUNTUZYREX] OS=[Unix] Server=[Samba 3.0.26a]

smb: \> ls

. D 0 Mon Oct 22 08:49:20 2007

.. D 0 Mon Oct 22 08:51:01 2007

pictures D 0 Mon Oct 22 08:49:20 2007

.profile H 566 Mon Oct 22 08:48:42 2007

Examples D 0 Sun Apr 15 18:52:21 2007

Tekken.jpg A 61344 Mon Oct 22 08:49:00 2007

.bash_logout H 220 Mon Oct 22 08:48:42 2007

.bashrc H 2298 Mon Oct 22 08:48:42 2007

48209 blocks of size 262144. 15950 blocks available

smb: \> cd pictures/

smb: \pictures\> ls

. D 0 Mon Oct 22 08:49:20 2007

.. D 0 Mon Oct 22 08:49:20 2007

Robot.jpg A 87919 Mon Oct 22 08:49:21 2007

48209 blocks of size 262144. 15950 blocks available

smb: \pictures\> cd ..

smb: \>

smb: \> exit

taufanlubis@zyrex:~$

Well, you’ve done the 4 practices. Now, we can go further with our lesson.

Firewall and Security

Samba need port 137 and 139 for the connection. If you are using Firewall application (Such as Firestarter, smoothwall or others), please make sure that you enable this port. Usually, every firewall applications block these ports as a default. If you are using Iptables and you want to open this ports, you can see my article about setting ports using Iptables.

Starting Samba when the machine boot

You set the Samba server to run automatically when the system booting. (see my articles about Run Level)

taufanlubis@zyrex:~$ sudo update-rc.d samba defaults

Adjust the configuration file to your need

For example, you want to create a directory for training_modules and only 5 persons can access and modify that directory. First you create the training_modules directory, Second add the configuration at smb.conf and restart the Samba Server and the Third, don’t forget to add the user to Samba Server User List (Practice 3, part 2).

Samba is the same like NFS which is used to share files and printers in Linux. Not like NFS, Samba implements SMB (Server Message Block) network protocol so it can be used for windows networking. In Windows and OS/2, they name it CIFS (Common Internet File System).

Future versions of Samba will incorporate Kerberos support for stronger authentication, as well as better integration with existing Windows. NFS is ‘Native’ to Linux, Solaris and Mac OS and much more to ‘Unix’ way of sharing files. If you want to use NFS, use NFS version 3 or better. NFS version 2 or older will have some issues with file sizes.

It can use to replace a very expensive, unstable Windows servers. Samba can replicate nearly all of Windows Server functionally. It appears in the Network Neighborhood like any other Windows machine and function in the same way. And perhaps, some server on your network right now could be running Samba instead of Windows and no want would ever notice.

Why we use Samba?

IT’S FREE.

The forforming is over Microsoft Windows Server 2000.

Reliable. (No malfunctions except if you have problem with the hardware).

Relatively easy for administrator.

Customizable. (You can set from a simple printer server to complex Windows Domain Contoller).

Secure. (No security holes known in current release).

Available for many platforms.

Integrated into existing network. (Very rare compability problems).

Samba consist of 2 main programs:

smbd

a server daemon that provides file sharing and printing services to Windows clients

nmbd

a server that understands and can reply to Net BIOS over IP name service requests, like those produced by SMB/CIFS clients such as Windows 95/98/ME, Windows NT, Windows 2000, Windows XP and LanManager clients. It also participates in the browsing protocols which make up the Windows “Network Neighborhood” view.

Other additional program are smbclient, smbpasswd etc.

There 4 main functions of Samba:

– File service (Sharing Folders with Linux or Windows clients.)

– Printer service (Sharing Printers with Linux or Windows clients. Event you can add a PDF pseudo-printer so all the computers in your network may write PDF files.)

– Authentication and Authorization (Act as a domain controller in Windows network.)

– Name resolution

When you don’t need samba?

Access shared folders, drives and printers on Windows computer. Mean you are a client to windows server. You just need a smbfs Plugin.

– Sharing files among Linux, just use NFS service.

– Sharing printer among Linux, just use remote lpd.

– Share you printer on network with Windows computer, just use CUPS.

– Sharing directories between 2 Linux computers, just use NFS or setup a FTP server on one computer and a FTP client to the other computer.

If everything, can be done without Samba then why we still need it?

If you have a Linux server with Windows clients and you want them to go to the Authorization process firstbefore they can access your server directories or printers then you need Samba.

Step 1. Installing Samba Server

taufanlubis@zyrex:~$ sudo apt-get install samba

Reading package lists… Done

Building dependency tree

Reading state information… Done

samba is already the newest version.

0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

taufanlubis@zyrex:~$

If you have Samba installed already in your system then the message will be same like above.

Step 2. Configuring Samba Server and Restart it

Always make a back up when you change a configuration file.

taufanlubis@zyrex:~$ cd /etc/samba

taufanlubis@zyrex:/etc/samba$ ls -l

total 28

-rw-r–r– 1 root root 8 2007-02-07 13:38 gdbcommands

-rw-r–r– 1 root root 10533 2007-10-07 20:09 smb.conf

-rw-r–r– 1 root root 4213 2007-08-20 17:28 smb.conf~

taufanlubis@zyrex:/etc/samba$ sudo cp smb.conf smb.conf.bak

taufanlubis@zyrex:/etc/samba$ ls -l

total 28

-rw-r–r– 1 root root 8 2007-02-07 13:38 gdbcommands

-rw-r–r– 1 root root 10533 2007-10-07 20:09 smb.conf

-rw-r–r– 1 root root 4213 2007-08-20 17:28 smb.conf~

-rw-r–r– 1 root root 10533 2007-08-20 06:16 smb.conf.bak

taufanlubis@zyrex:/etc/samba$

Now you have a back up already, then you can continue to change the smb.conf. Delete all content and replace with the configuration below. I create a simple configuration for our practice.

Before we start, better we create a directory for our shared-directory. In this sample, I will put our directory in home/ directory.

taufanlubis@zyrex:~$ cd /home

taufanlubis@zyrex:/home$ sudo mkdir sharing_data

Change the permission so it can be read, written and deleted from client computers (only ‘group’ can delete files not everybody(other)).

taufanlubis@zyrex:/home$ sudo chmod uog+r sharing_data

You can copy any data into sharing_data directory for practice.

After that, edit samba configuration file, delete the content and replace with our new configuration.

taufanlubis@zyrex:~$ sudo gedit /etc/samba/smb.conf

[Global]

workgroup = UbuntuWorkgroup

netbios name = UbuntuZyrex

server string = UbuntuZyrexServer

security = share

hosts allow = 192.168.0.1/24 127.0.0.1

[sharing_data]

path = /home/sharing_data

comment = Taufan Sharing directory at Ubuntu

public = yes

read only = yes

browseable = yes

Save the file and restart the Samba server.

taufanlubis@zyrex:~$ sudo /etc/init.d/samba restart

* Stopping Samba daemons… [ OK ]

* Starting Samba daemons… [ OK ]

taufanlubis@zyrex:~$

To test our practice, connect to Samba server with any web browser using command ‘smb://192.168.0.2‘ (in Linux). When I open my Samba server from OpenSuse10 using Konqueror (you can use any web browser or file manager), I can see the ‘sharing_data’ directory displayed on the screen. I can browse the directory but when I save a file in it, I get a message says ‘Access Denied. Could not write to smb://192.168.0.2/sharing_data/testingfile.odt‘.

Mean, that our configuration is working.

If you can access your ‘sharing_data’ directory mean you’ve completed our first practice.

This configuration says that you want to share ‘/home/sharing_data’ directory in the network.

nmap is a powerfull scanner available in Unix/Linux system. It’s very usefull for network exploration and security auditing. It was designed to rapidly scan large networks, although it works fine againts single hosts.

It’s very easy to install nmap in Ubuntu, just download from the internet.

FTP (File Transfer Protocol) is a program to exchange files between two computers or to other computers in a local network or over inter networks (internet). May be you don’t know that you’ve already used it before when you download something from the internet. Most often, a computer with a FTP address is dedicated to receive a FTP connection.

What is ftp sites?

Ftp site is the like old Filling cabinets where you put your datas in it. Organized and labeled so it will easier next time you or any one who need the files can take it back next time.

That concept is applied in ftp sites. You can take any files that you want to download based access level provided. The Administrator can set which files to keep locked and which open to public.

What is ftp Server?

Ftp server is a machine that serves the authorized users to get the requested files. The FTP file sharing protocol is an old protocol which was created when internet was still a secure place. That’s why the default FTP protocol is not that secure. Mean that your username and password for login are transmitted in plain text, well… which is not secure for sure.

There are several configurations that you can set for your proftpd server.

as chrooted at /home directory

as anonymous proftpd user to read only

as anonymous proftpd user to read/write

as anonymous proftpd user to directory outsite /home/ftp

In this article, I want to show you how you can create a ftp server in a short time. In this practice, I use ‘proftpd’ as our ftp server. The file is not too big and it’s not difficult to install.